[tor-dev] Sandboxed Tor Browser should be officially developed

Matthew Finkel matthew.finkel at gmail.com
Thu Jul 26 02:18:47 UTC 2018 

On Tue, Jul 24, 2018 at 01:37:10AM +0000, Matthew Finkel wrote:
> On Mon, Jul 16, 2018 at 01:32:19AM +0000, Matthew Finkel wrote:
> > Hi Everyone,
> > 
> > We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in
> > #tor-meeting on OTFC.
> 
> Reminder!
> 

We had a good meeting yesterday - meeting notes are available online[0].

During the meeting we briefly discussed the different methods we can use
for sandboxing Tor Browser on the different platforms. We then moved on
to discussing our goals with sandboxing Tor Browser and what are the
criteria for the solution we choose. That conversation led us to
enumerate the criteria[1] and start thinking about the trade-offs
associated with them and how we evaluate them (not exhaustive).

Types of sandbox:
  a) one standard VM on all desktop OSes running Tor Browser on Linux
  b) Per-OS container/virtualization solution
  c) No container/vm, but sandboxing the parent and content processes
     using OS-specific mechanisms (dropping privs etc.)
  d) a mix of all options choosing the best per platform
  
Evaluation criteria for a)-d)
  1) (in the face of a browser exploit) tracking protection
  2) (no browser exploit) tracking protection
  3) (in the face of a browser exploit) proxy bypass protection
  4) (no browser exploit) proxy bypass protection
  5) user experience 
  6) development effort (including time to market with improved
     security)
  7) maintainability
  8) uplift possibilities
  9) installation size? (part of user experience?)
  10) ability to take advantage of expected future security improvements
  11) Compatibility with future browser/app development plans at the Tor
      Project

We ran out of time, and we didn't finish, but we'll continue this
discussion on the tbb-dev at lists.torproject.org mailing list. Please come
join us if you're interested!

[0]
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-24-14.59.txt
[1] https://pad.riseup.net/p/sandbox-07-24

> > 
> > Thanks,
> > Matt

More information about the tor-dev mailing list